ESET Insiders NewbyUser 73 Posted September 8, 2021 ESET Insiders Share Posted September 8, 2021 Got an alert about a device from Venezuela logging in, now my password no longer works. How do I regain control? Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 8, 2021 Author ESET Insiders Share Posted September 8, 2021 Gotta say putting licensing details in something so easily taken over is a bad idea. If it was detected to be a strange login why would it be allowed? Come on Eset. Do better. Geez Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 8, 2021 Author ESET Insiders Share Posted September 8, 2021 Now I get the obvious email about my license being overused, couldn't have seen that coming lol. Not impressed with Eset at the moment. I started a support ticket right after I was locked out. #00240573 Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 8, 2021 Author ESET Insiders Share Posted September 8, 2021 (edited) I believe I recovered the account. But there aren’t any devices that I don’t recognize. Not sure what happened. Edited September 8, 2021 by NewbyUser Link to comment Share on other sites More sharing options...
Most Valued Members Solution Nightowl 202 Posted September 8, 2021 Most Valued Members Solution Share Posted September 8, 2021 Reset passwords for everything related to your ESET account , including your email address , just to make sure you are not compromised in another places. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,073 Posted September 8, 2021 Administrators Share Posted September 8, 2021 If you have re-used the password from these services, someone else could easily log into your my.eset.com account: As already suggested above, reset your password to a unique one that is not easy to guess and that you don't use for login elsewhere. Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 393 Posted September 8, 2021 Most Valued Members Share Posted September 8, 2021 Hopefully 2FA will be soon. I have mentioned previously this will keep happening Link to comment Share on other sites More sharing options...
Administrators Marcos 5,073 Posted September 8, 2021 Administrators Share Posted September 8, 2021 6 minutes ago, peteyt said: Hopefully 2FA will be soon. I have mentioned previously this will keep happening This will help security-aware users who will enable it. However, these users usually don't recycle the password for accounts at various web services. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 8, 2021 Author ESET Insiders Share Posted September 8, 2021 1 hour ago, peteyt said: Hopefully 2FA will be soon. I have mentioned previously this will keep happening Yes, that would help. I have 2FA enabled where it is available for the most part. Fortunately the email account tied to myeest account is one of them. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 8, 2021 Author ESET Insiders Share Posted September 8, 2021 6 hours ago, Marcos said: If you have re-used the password from these services, someone else could easily log into your my.eset.com account: As already suggested above, reset your password to a unique one that is not easy to guess and that you don't use for login elsewhere. Done. Yes I goofed, but so did eset by allowing a signin that was detected as being suspicious to begin with. Also 2FA should be implemented by now, it's allegedly been on the to do list for 6 months now almost to the day. peteyt 1 Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 393 Posted September 8, 2021 Most Valued Members Share Posted September 8, 2021 6 hours ago, NewbyUser said: Done. Yes I goofed, but so did eset by allowing a signin that was detected as being suspicious to begin with. Also 2FA should be implemented by now, it's allegedly been on the to do list for 6 months now almost to the day. 10 hours ago, Marcos said: This will help security-aware users who will enable it. However, these users usually don't recycle the password for accounts at various web services. 6 hours ago, NewbyUser said: Done. Yes I goofed, but so did eset by allowing a signin that was detected as being suspicious to begin with. Also 2FA should be implemented by now, it's allegedly been on the to do list for 6 months now almost to the day. I agree that those not security aware will probably not enable it in general. However with 2FA at least Eset would be doing their part. I suppose it's like saying don't open dodgy emails, people do but Eset has protections. I also find it strange that I'm sure I've seen it recommended to have 2FA enabled on posts on welivesecurity which is ran by Eset, yet eset is not using it itself. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted September 9, 2021 ESET Moderators Share Posted September 9, 2021 Well 2FA is on the list of features to implement and we want to have it available there, but as many others so a prioritization plays the role here. Peter Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 9, 2021 Author ESET Insiders Share Posted September 9, 2021 On 9/8/2021 at 4:21 PM, peteyt said: I also find it strange that I'm sure I've seen it recommended to have 2FA enabled on posts on welivesecurity which is ran by Eset, yet eset is not using it itself. Stranger yet, they even have their own 2FA, for business users. https://www.eset.com/my/business/two-factor-authentication/ Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 9, 2021 Share Posted September 9, 2021 (edited) The type of 2FA I want is the same as my bank provides and it does not require a smart phone to use. When I log onto my bank web site, it requires me to select which phone number I have registered with them to receive a text message from them that contains a 6 digit security code. I can also receive a voice call containing the code instead. They then send me the code to my "vintage" non-smart phone. I then enter the code on the web page and the logon to the full bank web site proceeds. Note the 2FA elements deployed. The first is valid user id and password. The second is a one-time use served up security code. Edited September 9, 2021 by itman NewbyUser 1 Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 9, 2021 Author ESET Insiders Share Posted September 9, 2021 4 minutes ago, itman said: The type of 2FA I want is the same as my bank provides and it does not require a smart phone to use. When I log onto my bank web site, it requires me to select which phone number I have registered with them to receive a text message from them that contains a 6 digit security code. They then send me the code to my "vintage" non-smart phone. I then enter the code on the web page and the logon to the full bank web site proceeds. Note the 2FA elements deployed. The first is valid user id and password. The second is a one-time use served up security code. Totally agree. I'm more shocked you have a "vintage" non-smart phone lol. Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 9, 2021 Share Posted September 9, 2021 Just now, NewbyUser said: Totally agree. I'm more shocked you have a "vintage" non-smart phone lol. Costs me $5 a month, that's why. NewbyUser 1 Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 9, 2021 Author ESET Insiders Share Posted September 9, 2021 1 minute ago, itman said: Costs me $5 a month, that's why. Like with real buttons? No screen? Didn't know they made any like that these days. Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 9, 2021 Share Posted September 9, 2021 Just now, NewbyUser said: Like with real buttons? No screen? Didn't know they made any like that these days. When I stated "vintage" I meant I purchased phone in 2003. It still works fine. It does have a browser but forget using it. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted September 9, 2021 Author ESET Insiders Share Posted September 9, 2021 Awesome. Had Blackberrys back in those days. Awesome phones Link to comment Share on other sites More sharing options...
ESET Moderators TomasP 316 Posted October 4, 2021 ESET Moderators Share Posted October 4, 2021 On 9/9/2021 at 11:11 PM, itman said: The type of 2FA I want is the same as my bank provides and it does not require a smart phone to use. When I log onto my bank web site, it requires me to select which phone number I have registered with them to receive a text message from them that contains a 6 digit security code. I can also receive a voice call containing the code instead. They then send me the code to my "vintage" non-smart phone. I then enter the code on the web page and the logon to the full bank web site proceeds. I just stumbled upon this older thread and I need to add that SMS-based 2FA is not a good idea. The mobile network was not built with security in mind, the text messages are sent in plain text, they can be easily spoofed or intercepted. You can google that, the internet is full of recommendations not to use that type. A one-time password generated on the device, based on a secret seed, is a much secure option. Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 7, 2021 Share Posted October 7, 2021 (edited) On 10/4/2021 at 12:22 PM, TomasP said: A one-time password generated on the device, based on a secret seed, is a much secure option. +1 Edited October 7, 2021 by itman Link to comment Share on other sites More sharing options...
Recommended Posts